> Thank you for the information. I do understand that some Bogons > IPs(subnets) are blocked as listed in the denyalways.txt file. In this > case the ASSP log shows that the address block of 14.0.0.0/8(Class A > Subnet) is blocking this email. But looking at the ASSP log I read it > as the server that is sending this email is at 148.112.145.8(Class B > Subnet) which is not in the same subnet/address block as the Bogons > IP(14.0.0.0/8) and therefore should not be blocked by this > restriction.
In effect, looking at your log snippet Sep-28-11 10:20:46 m1-23246-09351 [Worker_2] [TLS-in] [TLS-out] [DenyStrict] 148.112.145.8 < [email protected] > to: [email protected] blocked by denySMTPConnections or droplist strict: 14.0.0.0/8 it sounds like ASSP is just considering the "14" in the first "148" octet and, after comparing it with the bogons list, rejecting the email considering that IP address as belonging to the 14/8 netblock (and for sure it isn't the case); not sure, but it sounds to me like a bug sitting inside the code which is parsing the addresses and comparing them to the "deny list" (or maybe to some other lists) ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
